aboutsummaryrefslogblamecommitdiff
path: root/ecookie.go
blob: 41e60f71f1f1e1c9c36bb005b32ce16718c96878 (plain) (tree) 
f464a92





12d7928

f464a92











f464a92




































































































12d7928


f464a92








1
2
3
4
5

6

7
8
9
10
11
12
13
14
15
16
17

18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117

118
119

120
121
122
123
124
125
126
127





                     
                       










                                                                      



































































































                                                                           

                                                            







                                                                     
package ecookie

import (
	"bytes"
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"io"

	"golang.org/x/crypto/blake2b"
	"snix.ir/rabbitio"
)

var (
	ErrAUTHCOK = errors.New("ecookie: cookie is corrupted")
	ErrENDDATA = errors.New("ecookie: cookie length is too short")

	ErrBadKlen = errors.New("ecookie: key must be 16 byte len")
)

const (
	lenhashfnc = 32
	lenkrabbit = 16
	lenivahash = lenhashfnc + lenivforkt
	lenivforkt = 8
)

type Encryptor struct {
	key []byte
}

type Decryptor struct {
	key []byte
}

func NewEncryptor(key []byte) (*Encryptor, error) {
	if len(key) != lenkrabbit {
		return nil, ErrBadKlen
	}
	copyKey := make([]byte, lenkrabbit)
	copy(copyKey, key)
	return &Encryptor{key: copyKey}, nil
}

func NewDecryptor(key []byte) (*Decryptor, error) {
	if len(key) != lenkrabbit {
		return nil, ErrBadKlen
	}
	copyKey := make([]byte, lenkrabbit)
	copy(copyKey, key)
	return &Decryptor{key: copyKey}, nil
}

func randomIVGen() ([]byte, error) {
	iv := make([]byte, lenivforkt)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	return iv, nil
}

func (h *Encryptor) Encrypt(src []byte) ([]byte, error) {
	ivx, err := randomIVGen()
	if err != nil {
		return nil, err
	}

	cip, _ := rabbitio.NewCipher(h.key, ivx)
	dst := make([]byte, len(src))
	cip.XORKeyStream(dst, src)
	hash, err := blake2bHash(multiReader(h.key, ivx, dst))
	if err != nil {
		return nil, err
	}

	buff := new(bytes.Buffer)
	_, err = io.Copy(hex.NewEncoder(buff), multiReader(hash, ivx, dst))
	return buff.Bytes(), err
}

func multiReader(vs ...[]byte) io.Reader {

	var rds []io.Reader
	for _, x := range vs {
		r := bytes.NewReader(x)
		rds = append(rds, r)
	}

	return io.MultiReader(rds...)
}

func blake2bHash(r io.Reader) ([]byte, error) {
	hasher, _ := blake2b.New256(nil)
	if _, err := io.Copy(hasher, r); err != nil {
		return nil, err
	}
	return hasher.Sum(nil), nil
}

func (h *Decryptor) Decrypt(raw []byte) ([]byte, error) {
	bf := new(bytes.Buffer)
	if _, err := io.Copy(bf,
		hex.NewDecoder(bytes.NewReader(raw))); err != nil {
		return nil, err
	}

	if bf.Len() < lenivahash {
		return nil, ErrENDDATA
	}

	u := bf.Bytes()
	cl, err := blake2bHash(multiReader(h.key, u[lenhashfnc:]))
	if err != nil {
		return nil, err
	}

	eq := subtle.ConstantTimeCompare(cl, u[:lenhashfnc])
	if eq != 1 {
		return nil, ErrAUTHCOK
	}

	cip, _ := rabbitio.NewCipher(h.key, u[lenhashfnc:lenivahash])
	pln := make([]byte, bf.Len()-lenivahash)
	cip.XORKeyStream(pln, u[lenivahash:])
	return pln, err
}

Snix LLC Git Repository Holder Copyright(C) 2022 All Rights Reserved Email To Snix.IR